<?php
header('Access-Control-Allow-Origin:*');
// echo "hello word";exit();
/*
	[SupeSite] (C) 2007-2009 Comsenz Inc.
	$Id: admincp.php 13470 2009-11-04 07:19:53Z zhaofei $
*/
include_once('./common.php');
include_once(S_ROOT.'./function/html.func.php');
include_once(S_ROOT.'./function/admin.func.php');
include_once(S_ROOT.'./function/cache.func.php');

@include_once(S_ROOT.'./function/register.func.php');
@define('IN_SUPESITE_ADMINCP', TRUE);
define('IMG_DIR', S_URL.'/admin/images');
define('CPURL', S_URL.'/admincp.php');

session_start();

$action = empty($_GET['action'])?'':$_GET['action'];



$login_count = $_SESSION['Agentlogin_count'];
$add = 1;
$cookietime = 0;
if(!empty($_POST['cookietime'])) $cookietime = intval($_POST['cookietime']);
if (submitcheck('loginsubmit')) {
	$username=$_POST['username'];
	$password=$_POST['password'];
    if(preg_match('/^[a-z0-9A-Z-_]+$/',$username)){
        $member = get_agent_by_username($username);
    }else{
        showmessage('用户格式有误，请重新输入');
    }
    //if(empty($member['username']) || $member['password'] != strtoupper(sha1($password))) {
    if(empty($member['phone_number']) || $member['user_password'] != md5($password)) {
        $_SESSION['Agentlogin_count'] = $login_count + $add;
        showmessage('用户名或密码不正确');
    }
    $members = array('uid'=>$member['uuid'],'username'=>$member['pet_name'],'password'=>$member['user_password'],'level'=>$member['user_level'],'type'=>$member['user_type'],'stock_id'=>$member['stock_id']);
    if(empty($members['uid'])) {
        showmessage('用户或密码不正确！');
    }


    //登录成功
    $_SESSION['Agentlogin_count'] = 0;
    $uid = $_SGLOBAL['supe_uid'] = $members['uid'];
    $groupid = $members['level'];
    $password = $members['password'];
    $cookievalue = authcode("$password\t$uid\t".$members['stock_id'], 'ENCODE');
    ssetcookie('auth', $cookievalue, $cookietime);
    setcookie('_refer', '');
    // 保存用户信息
	$_SGLOBAL['sys_user'] = $members;
	

	// var_dump('expression');
	// var_dump($_SGLOBAL['sys_user']['type']);die;
}
// var_dump($_SGLOBAL);exit;
//二次登录确认(半个小时)
$cpaccess = 0;
$query = $_SGLOBAL['db']->query("SELECT errorcount FROM t_sys_user_session WHERE uid='$_SGLOBAL[supe_uid]' AND dateline+1800>='$_SGLOBAL[timestamp]'");
if($session = $_SGLOBAL['db']->fetch_array($query)) {
	if($session['errorcount'] == -1) {
		$_SGLOBAL['db']->query("UPDATE t_sys_user_session SET dateline='$_SGLOBAL[timestamp]' WHERE uid='$_SGLOBAL[supe_uid]'");
		$cpaccess = 2;
	} elseif($session['errorcount'] <= 3) {
		$cpaccess = 1;
	}
} else {
	$_SGLOBAL['db']->query("DELETE FROM t_sys_user_session WHERE uid='$_SGLOBAL[supe_uid]' OR dateline+1800<'$timestamp'");
	$_SGLOBAL['db']->query("INSERT INTO t_sys_user_session (uid, ip, dateline, errorcount)
		VALUES ('$_SGLOBAL[supe_uid]', '".$_SGLOBAL['onlineip']."', '$_SGLOBAL[timestamp]', '0')");
	$cpaccess = 1;
}

switch ($cpaccess) {
	case '1'://可以登录
		
		if(submitcheck('dologin', 1)) {
			if(!$passport = getpassport($_POST['username'], $_POST['password'])) {
				$_SGLOBAL['db']->query("UPDATE t_sys_user_session SET errorcount=errorcount+1 WHERE uid='$_SGLOBAL[supe_uid]'");
				showmessage('enter_the_password_is_incorrect', '/agent');
			} else {
				$_SGLOBAL['db']->query("UPDATE t_sys_user_session SET errorcount='-1' WHERE uid='$_SGLOBAL[supe_uid]'");
				$refer = empty($_SCOOKIE['_refer'])?$_SGLOBAL['refer']:rawurldecode($_SCOOKIE['_refer']);
				if(empty($refer) || preg_match("/(login)/i", $refer)) {
					$refer = '/agent';
				}
				
				showmessage('login_success', $refer, 0);
			}
		} else {
			if($_SERVER['REQUEST_METHOD'] == 'GET') {
				ssetcookie('_refer', rawurlencode($_SERVER['REQUEST_URI']));
			} else {
				ssetcookie('_refer', rawurlencode('admincp.php?ac='.$_GET['ac']));
			}
			include_once template('/login.html', 1);
			exit();
		}
		break;
	case '2'://登录成功
		break;
	default://尝试次数太多禁止登录
		showmessage('excessive_number_of_attempts_to_sign');
		break;
}
//语言包
include_once(S_ROOT.'./language/admincp.lang.php');

//记录log
@$fp = fopen(S_ROOT.'./log/admincplog.php', 'a');
@flock($fp, 2);
@fwrite($fp, "<?exit?>$_SGLOBAL[timestamp]\t$_SGLOBAL[supe_username]\t$_SGLOBAL[onlineip]\t".$_SERVER['QUERY_STRING']."\n");
@fclose($fp);
if(empty($_GET['module'])){
	$_GET['module'] = 'sys';
}
// 默认action
if(empty($_GET['action'])){
	$_GET['action'] = 'index';
}
// //查询菜单
// $modelClass = 'app\com\simtoon\models\Menu';
// $_POST['type']=$_SGLOBAL['sys_user']['type'];
// $_POST['uid']=$_SGLOBAL['sys_user']['uid'];
// $_POST['stock_id']=$_SGLOBAL['sys_user']['stock_id'];
// $global_username=$_SGLOBAL['sys_user']['username'];
// //获取用户所有菜单
// $data=YiiComm::executeByMethod($modelClass,"getMenu",$_POST);	
// //获取所有仓库
// $global_ware=YiiComm::executeByMethod($modelClass,"getAllWare",$_POST);
// //获取默认仓库
// $global_warename=YiiComm::executeByMethod($modelClass,"getwarename",$_POST)[0];
// //整理格式
// $global_menus=_tree($data);
// foreach ($global_menus as $key => $value) {
// 	if(count($value['children'])<=0&&$value['pid']!=0){
// 		unset($global_menus[$key]);
// 	}
// }

// function _tree($arr){
// 	static $tree=array();
// 	foreach ($arr as $k => $v) {
// 	    $tree[$v['id']]=$v;
// 	    $tree[$v['id']]['children']=array();
// 	}
// 	foreach ($tree as $key => $value) {
// 	    if ($value['pid']!=0) {
// 	        $tree[$value['pid']]['children'][] = &$tree[$key];
// 	    }
// 	}
// 	return $tree;
// }
// 引入菜单文件
include_once S_ROOT.'./admin/class/'.$_GET['module'].'/'.$_GET['action'].'.php';
?>